search cancel

Powershell command to get information about Active Directory domain users and their properties.


Article ID: 174027


Updated On:


Data Loss Prevention Cloud Prevent for Microsoft Office 365 Endpoint Encryption


View an AD user's attributes during troubleshooting.

Permission Denied or doesn't have access to AD


OS: 2008, 2008R2, 2012, 2012R2, 2016, windows 10, etc.

Psversion: 4.0

Pscomaptible versions: {1.0, 2.0, 3.0, 4.0}


Normal Domain users don't have Full access to AD due to security reasons.


From Windows 10 or Windows 7, in order to use the Get-AdUser cmdlet, install the appropriate version of RSAT and enable the Active Directory Module for Windows PowerShell component from Control Panel (Programs > Turn Windows features on or off > Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > AD DS Tools).


1. Launch Powershell ISE as an administrator.

2. Type Get-aduser "user1" -Properties *

(This command returns a full list of AD attributes and their values associated with the user account)

3. To see the properties PasswordExpired, PasswordLastSet, or PasswordNeverExpires, open the formatting of Get-ADUser output and allow the necessary fields to be displayed:

Get-aduser "user1" -Properties PasswordExpired, PasswordLastSet, PasswordNeverExpires

Additional Information

180156 - How to obtain the Base DN or Bind DN Attributes for LDAP Directory Synchronization for Encryption Management Server